I think they mean where an account has been made and given rights before the user account is logged into, thus making it not a bug. On 03/08/10 01:22, Q wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 8/2/2010 7:18 PM, [email protected] wrote: > >> Say, I noticed on Wikia one can make a user an administrator, even if he >> has never logged in yet. >> >> This exposes a security risk. A bureaucrat pre-makes some accounts for >> future administrators, but before they establish accounts, somebody else >> establishes an account with that name, and becomes an instant >> administrator. >> >> I'm wondering if the is a MediaWiki-wide bug, or just Wikia's. >> > Wikia bug if they're doing something stupid like populating the user > groups table without a corresponding user. MediaWiki wont let you > assign groups to users that don't exist. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBCAAGBQJMV2E2AAoJEL+AqFCTAyc2c6oIAJkC9sDm+w6IVCYdQ8/iYdbd > Zd2z2tz+AJCE+ZNa6BFb3dCEl1yUcpp0D4b0iRA2Cn0AgjTXQuz0wSsVT6MTiSI1 > 1OM2D9Tlv/xoY0PotVevIFuCaO4XKIzkAUpWR8Htc0rhh8f1+Lo7k668iG4yWIFS > iSBlHdsG5G+Ugqk9IbCRm9jErL8WkGUz/D5b9KD7Azu8CtCOSCowOz3qvuJNT7z+ > KgDQCp4aavl7FZEDYhqxjYQPWIDsHI7d3nBoD713vpjfSCroYkrDa9v0ZqlMRTFw > agL1XBG+7fanaz0iIqDcOxrgIUL1AqEXNtEt32frKrE546euRhb+sFyIVFhJxBI= > =5hTF > -----END PGP SIGNATURE----- > > _______________________________________________ > MediaWiki-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l >
_______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
